def test_load_ssl_context():
ssl_context = ssl.create_default_context()
ssl_config = httpx.SSLConfig(verify=ssl_context)
assert ssl_config.verify is True
assert ssl_config.ssl_context is ssl_context
assert repr(ssl_config) == "SSLConfig(cert=None, verify=True)"
def test_load_ssl_config_cert_and_key_invalid_password(
cert_pem_file, cert_encrypted_private_key_file):
ssl_config = httpx.SSLConfig(cert=(cert_pem_file,
cert_encrypted_private_key_file,
"password1"))
with pytest.raises(ssl.SSLError):
ssl_config.load_ssl_context()
def test_load_ssl_config_cert_and_encrypted_key(
cert_pem_file, cert_encrypted_private_key_file, password):
ssl_config = httpx.SSLConfig(cert=(cert_pem_file,
cert_encrypted_private_key_file,
password))
context = ssl_config.load_ssl_context()
assert context.verify_mode == ssl.VerifyMode.CERT_REQUIRED
assert context.check_hostname is True
def test_ssl_config_support_for_keylog_file(tmpdir, monkeypatch):
with monkeypatch.context() as m:
m.delenv("SSLKEYLOGFILE", raising=False)
ssl_config = httpx.SSLConfig(trust_env=True)
ssl_config.load_ssl_context()
assert ssl_config.ssl_context.keylog_filename is None
filename = str(tmpdir.join("test.log"))
with monkeypatch.context() as m:
m.setenv("SSLKEYLOGFILE", filename)
ssl_config = httpx.SSLConfig(trust_env=True)
ssl_config.load_ssl_context()
assert ssl_config.ssl_context.keylog_filename == filename
ssl_config = httpx.SSLConfig(trust_env=False)
ssl_config.load_ssl_context()
assert ssl_config.ssl_context.keylog_filename is None
def test_load_ssl_config_verify_env_file(https_server, ca_cert_pem_file,
config):
os.environ[config] = (ca_cert_pem_file if config.endswith("_FILE") else
str(Path(ca_cert_pem_file).parent))
ssl_config = httpx.SSLConfig(trust_env=True)
context = ssl_config.load_ssl_context()
assert context.verify_mode == ssl.VerifyMode.CERT_REQUIRED
assert context.check_hostname is True
assert ssl_config.verify == os.environ[config]
# Skipping 'SSL_CERT_DIR' functional test for now because
# we're unable to get the certificate within the directory to
# load into the SSLContext. :(
if config == "SSL_CERT_FILE":
host = https_server.url.host
port = https_server.url.port
conn = socket.create_connection((host, port))
context.wrap_socket(conn, server_hostname=host)
assert len(context.get_ca_certs()) == 1
def test_load_ssl_config_no_verify():
ssl_config = httpx.SSLConfig(verify=False)
context = ssl_config.load_ssl_context()
assert context.verify_mode == ssl.VerifyMode.CERT_NONE
assert context.check_hostname is False
def test_load_ssl_config_cert_without_key_raises(cert_pem_file):
ssl_config = httpx.SSLConfig(cert=cert_pem_file)
with pytest.raises(ssl.SSLError):
ssl_config.load_ssl_context()
def test_load_ssl_config_verify_directory():
path = httpx.config.DEFAULT_CA_BUNDLE_PATH.parent
ssl_config = httpx.SSLConfig(verify=path)
context = ssl_config.load_ssl_context()
assert context.verify_mode == ssl.VerifyMode.CERT_REQUIRED
assert context.check_hostname is True
def test_load_ssl_config_verify_existing_file():
ssl_config = httpx.SSLConfig(verify=httpx.config.DEFAULT_CA_BUNDLE_PATH)
context = ssl_config.load_ssl_context()
assert context.verify_mode == ssl.VerifyMode.CERT_REQUIRED
assert context.check_hostname is True
def test_load_ssl_config_verify_non_existing_path():
ssl_config = httpx.SSLConfig(verify="/path/to/nowhere")
with pytest.raises(IOError):
ssl_config.load_ssl_context()
def test_ssl_eq():
ssl = httpx.SSLConfig(verify=False)
assert ssl == httpx.SSLConfig(verify=False)
def test_ssl_repr():
ssl = httpx.SSLConfig(verify=False)
assert repr(ssl) == "SSLConfig(cert=None, verify=False)"
def test_load_ssl_config():
ssl_config = httpx.SSLConfig()
context = ssl_config.load_ssl_context()
assert context.verify_mode == ssl.VerifyMode.CERT_REQUIRED
assert context.check_hostname is True
